In what situations would collect an image of memory most useful to the investigation?

1.2kviews

written 6.7 years ago by

nisha.vanjari • 40

modified 2.8 years ago by

pedsangini276 • 4.8k

Subject: Digital Forensics

Topic: Initial response and forensic duplication

Difficulty: Low

digital forensics

ADD COMMENT EDIT

1 Answer

20views

written 6.7 years ago by

nisha.vanjari • 40

A memory image is useful in two situations.

First, when malware is primarily memory-resident and leaves little trace evidence on storage.

Second, when attackers use encryption. We’ve gained access to many a password-protected RAR file through the examination of memory images.

ADD COMMENT EDIT

Please log in to add an answer.